VMware ESX Code Execution and Denial of Service Vulnerabilities : VMblog.com - Virtualization Technology News and Information for Everyone

Article

Search:

VMware ESX Code Execution and Denial of Service Vulnerabilities

The French Security Incident Response Team (FrSIRT) has alerted users to a high risk and exploitable problem titled VMware ESX Code Execution and Denial of Service Vulnerabilities. It affects VMware ESX Server version 3.5.

Multiple vulnerabilities have been identified in VMware ESX Server, which could be exploited by attackers to cause a denial of service, disclose sensitive information, bypass security restrictions or compromise an affected system. These issues are caused by errors in pcre, net-snmp, and OpenPegasus. For additional information, see : FrSIRT/ADV-2007-3725 - FrSIRT/ADV-2007-3802 - FrSIRT/ADV-2008-0063

The solution:

Apply patches (ESX350-200803214-UG and ESX350-200803214-UG) :
http://download3.vmware.com/software/esx/ESX350-200803214-UG.zip
http://download3.vmware.com/software/esx/ESX350-200803201-UG.zip

Published Wednesday, April 16, 2008 6:05 AM by David Marshall

Filed under: General News, Server Virtualization

Share this post:

Del.ici.ous

Digg

Newsvine

Slashdot

Technorati

Comments

PingBack from http://technology.survivethemedia.com/2008/04/16/vmware-esx-code-execution-and-denial-of-service-vulnerabilities/

Found this via vmblog.com...The French Security Incident Response Team (FrSIRT) has alerted users to a high risk and exploitable problem titled VMware ESX Code Execution and Denial of Service Vulnerabilities.  It affects VMware ESX Server version

The patches are also already in the Update 1 releases for ESX 3.5 and VC 2.5 from VMware. So if you are applying that update you should be covered.

To post a comment, you must be a registered user. Registration is free and easy! Sign up now!

Platform Technology

Virtualization Books